The YubiKey is a terrible implementation of 2f/a

The YubiKey is a terrible implementation of 2f/a.
Here's an example of how pointless it is:
Let's say you're using LastPass. Oh no! You've lost your YubiKey! But wait! You can just use your E-Mail account to reset it!

Tada, the YubiKey is bypassed. An attacker can exploit this to get around the YubiKey.

An even worse scenario is being locked out of your computer because you happened to lose the tiny thing.

I'd love to hear thoughts on the YubiKey. It seems like an exploitable gimmick to me.

Shill post? It's more clever than most by using reverse psychology so I'll play along a bit even though it smells off.
Yubikey is pretty good really when used with local resources. The problem in your scenario is using Lastpass.

never heard of this thing
You're fucked if they have physical access anyway

Depends on the attack. You can use Yubikey + passphrase for FDE for example. That way if someone installs a hardware keylogger it still wouldn't be enough to crack it.
Now I sound like advertising copy, I'm done playing along.

Anyone have any experience with NitroKey?
en.wikipedia.org/wiki/Nitrokey
nitrokey.com/

Can't you set up your own "homebrew" version of this along with FDE just using LUKS and a key file on USB? Backups of the USB stick in a safe-deposit box make it pretty foolproof, no?

yubikey does more than just a key file. one time passwords so even a keylogger won't work against it

Really?
How are they gonna crack FDE if the password is strong?

You cannot verify that the thing works as intended, therefore it is trash.

and how do you expect to verify any hardware?

This is fucking stupid

How hard would it be to "cut" a key?

Through disassembly, tests and reassembly, how else.

You mean "make a duplicate"? Someone would have to physically disassemble the key and somehow extract the private keys from the protected memory. At that point, since your attacker already has your key, you're fucked anyway.

you're retarded

Through one of the many many backdoors they have built

It's totally secure goys, stop questioning

what exactly is your threat model here? i'm trying to understand what you think the problem is but all i'm getting is that you're retarded and you think jews are bad. funny how often those two go together.

Where are proofs for even one of them? If we don't count (((Windows™)))

nazis weird obsession with purity has no basis in fact

Very basically, the idea is that since race X has good traits, we (X) should preserve those traits for the sake of future generations. The evidence it has good traits comes from X's contributions to science and civilization. These contributions benefit humanity as a whole, and don't cry about muh imperialism because after the colonies were left to their own devices they didn't opt to go back to the jungle.
the native must go back to his casino tbh

and 2FA is a terrible implementation of security backed by companies that can't secure their shit and intended for goys who can't secure their shit. 2FA is a gimmick not to mention almost all forms of it are botnet

Very, the same reason the DoD uses smartcards for their 2FA. I can only assume OP's device is basically a USB smartcard.

Indeed, you should be using something like Pass: The Standard Unix Password Manager instead.

Assuming you actually have an external bootloader that you carry with you, they can still flash your bios with spyware.

Jews are indeed bad. Just as Muslims are bad.

That's not YubiKey's fault or how they implemented 2f/a. That's LastPass's fault. They put the convenience of allowing you to lose your YubiKey and reset it by email over locking you out of your account. You shouldn't be using LastPass to start with. They were hacked and lost everybody's passwords before.

2011:

slashgear.com/lastpass-hacked-users-warned-to-change-master-passwords-05150293/

2015:

lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

2016: Visiting the wrong website while using their autofill addon could be made to dump all passwords to any site:

labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

...